Almost half do not scrutinise app details, 60 per cent rarely review permissions being requested before download

London, UK, 6 April, 2017 – Poor security awareness, coupled with an insatiable demand for mobile apps, is placing UK consumers’ identities and devices at risk. A new nationwide survey commissioned by RiskIQ of 1,000 people across the country* reveals that almost half (45 per cent) do not scrutinise the app’s details while 60 per cent never or only occasionally review the privacy policy and permissions requested by the app before downloading. Such a fast and carefree approach to mobile apps is leaving UK consumers vulnerable to cyber criminals seeking to infect mobile devices and steal information from unsuspecting victims.

With 3.8 million cyber-crime offences[1] reported in the UK last year, cyber criminals are capitalising on consumers’ poor security awareness. Despite the prevalence of malvertising as an attack vector, RiskIQ’s survey found that 45 per cent have clicked on an advertisement promoting a mobile app, movie or game. This is followed by over a third (37 per cent) who have clicked on a link in an email, website or social media feed to download an app, movie or game. Consumers’ propensity to click through without thoroughly inspecting details such as the developer, last version update and any reviews increases their risk of downloading counterfeit or malicious apps. Alarmingly, on more than one occasion, one in ten (12 per cent) have mistakenly installed an app in the belief that it originated from a trusted source, only to find out later that this was not the case.

Colin Verrall, VP EMEA, RiskIQ comments, “Unlike businesses that are becoming increasingly mobile security savvy, many consumers remain unaware and vulnerable. Given the volume of personal information being requested and shared through mobile applications, the need for better mobile security awareness has never been greater.”

Generational and gender differences in mobile app and security behaviours are also apparent:

Generational differences – Millennials more vulnerable

Millennials are guilty of clicking before thinking: 14 per cent have mistakenly installed an app they believed was from a trusted brand. In comparison, seniors (60+) have never or rarely done so

13 per cent of millennials have jailbroken their phones, citing the freedom to download and install what they want as the biggest factor (73 per cent). Almost none of the seniors had done so, while 10 per cent of Gen Xers and 3 per cent of baby boomers have

Over half of millennials (56 per cent) have clicked on an ad on their mobile promoting a mobile app, movie or game compared to 51 per cent of Gen Xers, 38 per cent of baby boomers and 25 per cent of seniors

Women at greater risk

A quarter of women (26 per cent) never read a mobile app’s data and privacy policy or review permissions requested compared to 17 per cent of men

Women are less likely to install additional security software on their mobile phones (39 per cent) compared to more than half of male respondents (53 per cent)

Women (28 per cent) are less likely to consider security features when buying a new phone versus 39 per cent of men

“The vastness of the app store ecosystem provides the perfect place for malicious actors to hide, luring consumers into believing their apps are official or their brand affiliation is legitimate. RiskIQ works with many major organisations to police their apps and brands across hundreds of different app stores but it’s no replacement for consumer vigilance. With the number of blacklisted apps** doubling between 2015 and 2016, it’s time for consumers to up their ‘security awareness’ game”, concludes Verrall.

[1] Office of National Statistics, Crime Survey of England and Wales, July to June 2016

Notes to editor

* The Mobile Apps survey, conducted by Ginger Comms on behalf of RiskIQ in March 2017, sourced answers from 1,016 nationally representative UK adults aged 18 and above.

** RiskIQ research on mobile apps affiliated with top UK brands across 150 different app stores.

About RiskIQ

RiskIQ is a cybersecurity company that helps organizations discover and protect their external-facing known, unknown, and third-party web, mobile, and social assets. The company’s External Threat Management platform combines a worldwide proxy and sensor network with synthetic clients that emulate users to monitor, detect, and take actions against threats. RiskIQ is used by thousands of security analysts including many from the Fortune 500 and leading financial institutions to protect their digital assets, users, and customers from external security threats. The company is headquartered in San Francisco, California, and backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures. Information security professionals can sign up for a fully functioning trial version of PassiveTotal for free by visiting www.riskiq.com/whats-new-passivetotal.